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Amendments to the Specification: 

Please replace lines 9 - 28 of page 26 with the following: 

(1) U.S. Non-Provisional Patent Application No. 09/708,883 / , - 
entitled 'Techniques For Dispensing Postage Using A Communication 
Network" , filed February 9. 2000 (Attorn e y Docket No. 006969 022320US) : 

(2) U.S. Non-Provisional Patent Application No. 09/708.975 / 
entitled "Method Of Distributing Postage Label Sheets With Security 
Features" , filed November 7. 2000 (Attorn e y Dock e t No. 006969 0255 10US1 : 

_ (3) U.S. Non Provisional Pat e nt Application No. / , , e ntitl e d 
"M e thod And Apparatus For Providing Postag e Indicia Ov e r A Data 
Communication Network" (Attorney Docket No. 006969 025100US); 

([[4]]3J U.S. Non-Provisional Patent Application No. 09/708.698 / . - 
entitled "System And Method For Managing Multiple Postage Functions In A 
Single Account ", filed November 7. 2000 (Attorney Docket No. 006969 
0212 10US) ; 

(§4) U.S. Non-Provisional Patent Application No. 09/708.792 / . — . 
entitled "Targeted Advertisement Using A Security Feature On A Postage 
Medium" , filed November 7. 2000 (Attorney Dock e t No. 006969 025520US) : 

(65) U.S. Non-Provisional Patent Application No. 09/708.185 / . — . 
entitled "System And Method Of Printing Labels" , filed November 7. 2000 
(Attorney Dock e t No. 006969 0256 10US) ; mi 

(76) U.S. Non-Provisional Patent Application No. 09/708971 _/ . — . 

entitled "Providing Stamps On Secure Paper Using A Communications 
Network ", filed November 7. 2000 (Attorney Docket No. 006969 
022220US). ; 

(7) U.S. Non-Provisional Patent Application No. 09/61 1.375. entitled 
"Providing Stamps On Secure Paper Using A Communications Network." 
filed July 7. 2000; 

($) U.S. Provisional Patent Application No. 60/216.779. entitled "System And 
Method Of Printing Labels." filed July 7. 2000; 

(9) U.S. Provisional Patent Application No. 60/216.653. entitled "Method And 
System For Dispensing Postage Over The Internet. With Enhanced Postal 
Security Features" filed July 7. 2000: 

(10) U.S. Provisional Patent Application No. 60/206.207. entitled "Providing 
Stamps on Secure Paper Using A Communications Network" filed May 22. 
2000: 
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(1 1) U.S. Provisional Patent Application No. 60/204,357, entitled "Stamps 
Over a Communications Network" filed May 15, 2000; 

(12) U.S. Provisional Patent Application No. 60/181,299. entitled "System 
and Method For Stamps Over The Internet," filed February 9, 2000; and 

(13) U.S. Provisional Patent Application No. 60/181,368, entitled "System 
and Method For Stamps Over The Internet," filed February 8, 2000. 

Please replace the two paragraphs beginning on line 23 of page 6 with the following amended 
paragraphs: 



Each user (client) 132, 134 typically comprises a conventional personal 
computing machine (PC) running conventional user software (not shown). 
Typical PC's include Macinto o h MACINTOSH ® PC's from Apple Computer, 
Inc., fete HNTEL ®-compatible PC's, and so on. Data servers 102 and 104 are 
typically high-end computing machines capable of high speed operation and 
much higher data storage capacity than typical PC's. Computing systems 
suitable for user machines and server systems are well known and do not 
require additional discussion to one of ordinary skill in the art. 

Similarly, server software and user software systems are known. In the 
following discussion, the illustrative embodiment of the present invention uses 
the World Wide Web, and so the user software is a component referred to as a 
"web browser." For example, Netscape Navigato rN AVIGATOR ® by 
Netscape Communication Corporation is a popular web browser. Another 
browser is Internet Explor e r EXPLORER ® by Microsoft Corporation. 



Please replace the paragraph beginning on line 10 of page 7 with the following amended 
paragraph: 



In accordance with the representative embodiment shown in Fig. 1, first server 
102 is a web server, providing HTML-based content 1 12 to users 132, 134. 
The web server can be any data processing machine or machines running 
(executing) appropriate system and applications software such as the 
operating system (OS). Server software running on the first server provides 
the web content comprising the web pages which constitute a web site. Thus, 
for example, ¥ahe eYAHOO ® is a web site comprising numerous web pages 
that can be accessed by a user. Large web sites typically have multiple server 
machines to provide adequate system throughput. Thus, each of the servers 
102, 104 shown in Fig. 1 may in actuality be one or more physical machines, 
though logically each is viewed as a single server machine (system). 
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Please replace the paragraph beginning on line 29 of page 8 with the following amended 
paragraph: 

Referring to Figs. 2 and 3, server software 212 running on first server 102, in 
accordance with the invention, includes functionality to provide a portal 
through which postage can be distributed from a postage vendor server to 
users visiting the site being maintained at the first server. For the discussion 
of the illustrative embodiment which follows, user 132 comprises a 
Windows WINDOWS ®-based OS (e.g., Windowo WINDOWS 95) provided 
by Microsoft Corporation, though it is understood that other OS technologies 
can be used. 

Please replace the paragraph beginning on line 10 of page 1 1 with the following amended 
paragraph: 

At step 309, the web site 102 initiates a download of a postage printing 
software component 202 to the user's system. The download of the postage 
printing software component preferably, but not necessarily, occurs 
concurrently with sending postage requests to the postage vendor server for 
efficiency reasons. The postage printing software component provides a 
specialized printing capability and printer interface for handling the eventual 
printing of the postage to produce the indicium. This aspect of the invention 
is more fully described in U.S. Provisional Patent Application No. 
60/2 1 6,779, entitled "System And Method Of Printing Labels," filed July 7, 
2000. [we should reference grog' s non - provi s ional application covering 
thi s s ubject matter] The postage printing software component can be a print 
DLL (dynamically linked library) software component that is dynamically 
installed into the OS, a Jav aJAVA ® script that is downloaded and executed 
by the browser software, or other printing software implementations or 
techniques known to those of ordinary skill. 

Please replace the paragraph beginning on line 6 of page 13 with the following amended 
paragraph: 

In step 318, the information for printing the indicium (optionally enhanced to 
contain a background image) is then sent to the user at user system 232. The 
information received by the user is then used to print the indicium. For 
example, a printer device 142 coupled to the user system may be used to print 
the indicium (or indicia) 200 . The postage printing software component 202 
in the user receives the information and interacts with the user to print the 
postage, step 320. As mentioned above, the printing aspect of this invention is 
more fully described in U.S. Provisional Patent Application No. 60/216,779, 
entitled "System And Method Of Printing Labels," filed July 7, 2000, and 
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U.S. Non-Provisional Patent Application No. 09/708,185 / . — entitled 
"System and Method of Printing Labels" (Attorn e y Dock e t No. 006969 
025610US) . The postage printing software component 202 automatically 
initiates an interactive print sequence upon receiving the information, 
prompting the user through the steps to print out the received postage. 



Please replace the paragraph beginning on line 5 of page 14 with the following amended 
paragraph: 



When the off-line print program is initiated, it establishes a communication 
link to the Internet to obtain the postage printing software component 202. 
This component may reside on the first server 102, on the postage vendor 
server 104, or at some other convenient location on the Internet, or on a local 
network server. Alternatively, the postage printing software component can 
be hardcoded into to the off-line print program, or is already installed in the 
Windows OS as a print DLL. Preferably, the postage printing program is 
obtained from a location on the Internet and downloaded on a per-use basis. 
This allows for the postage printing program to be easily maintained and 
updated to provide new printing features, enhanced user interfaces, and so on. 
The off-line print program operates as described in U.S. Provisional Patent 
Application No. 60/216,779, entitled "System And Method Of Printing 
Labels," filed July 7, 2000, and U.S. Non-Provisional Patent Application No. 
09/708 J 85 / , entitled "System and Method of Printing Labels" 
(Attorney Docket No. 006969 025610US) . 



Please replace the 7 paragraphs beginning on line 1 of page 17 with the following amended 7 
paragraph : 



Fig. 7 depicts an expanded block diagram of postage vendor system 104 
according to an embodiment of the present invention. As shown in Fig. 7, 
postage vendor system 104 may comprise one or more web servers 702, one 
or more postal security device module (PSDM) servers 30 4704- L 704-2 (with 
associated cryptographic modules 706 706-1, 706-2) , and a database 708 
coupled to a local communication network 710 via a plurality of 
communication links 712. Local communication network 710 provides a 
mechanism for allowing the various components of postage vendor system 
104 to communicate and exchange information with each other. Local 
communication network 710 may itself be comprised of many interconnected 
computer systems and communication links. Communication links 712 may 
be hardwire links, optical links, satellite or other wireless communications 
links, wave propagation links, or any other mechanisms for communication of 
information. The configuration of postage vendor system 104 depicted in Fig. 



Page 6 of 26 



Appl. No. 09/708,913 

Amdt. sent December 17, 2003 

Reply to Office Action of August 22, 2003 



PATENT 



7 is merely illustrative of an embodiment incorporating the present invention 
and does not limit the scope of the invention as recited in the claims. One of 
ordinary skill in the art would recognize other variations, modifications, and 
alternatives. 

Web server 702 may host the postage vendor's web site and store web pages 
provided by the postage vendor. Web server 702 is responsible for receiving 
URL requests from user systems 232 232-1, 232-2 and for forwarding web 
pages corresponding to the URL requests to the requesting user systems 
23 2232-1, 232-2 . As previously stated, these web pages allow a user to 
interact with postage vendor system 104. e.g. to configure a request to 
purchase postage from postage vendor system 104. When user system 
23 2232-1, 232-2 requests communication with postage vendor system 104, 
web server 702 may be configured to establish a communication link between 
user system 23 2232-1, 232-2 and postage vendor system 104. For example, 
web server 702 may establish a secure Internet socket link. e.g. a SSL 2.0 link, 
between postage vendor system 104 and user system 23 2232-1, 232-2 . As 
noted above, the information communicated between user system 23 2232-1, 
232-2 and postage vendor system 104 may be SSL encrypted using various 
encryption levels, e.g. 40-bit encryption, 128-bit encryption, and the like. 
Web server 702 may also incorporate a firewall which shields the internal 
potage vendor system network from communications network 122 and user 
systems 23 2232- 1, 232-2 and other resources coupled to communications 
network 122. According to an embodiment of the present invention, web 
server 702 is responsible for receiving requests from user systems 23 2232-1, 
232-2 to purchase stamps and for performing load distribution and fail-over 
processing associated with the requests. Web server 702 may also be 
configured to control the downloading of printer control programs from 
postage vendor system 104 to user system 23 2232-1, 232-2 . 

Each PSDM server 704 704-1, 704-2 , in conjunction with one or more 
cryptographic modules 706 706-1, 706-2 coupled to the PSDM server, is 
responsible for generating the information for printing the indicium in 
response to requests to buy postage received from one or more user systems 
23 2232-1, 232-2 . According to an embodiment of the present invention, 
functions performed by PSDM server 70 4704-1, 704-2 include functions 
performed by a Postal Security Device (PSD) as described in the IB IP 
specifications published by the USPS. For example, functions performed by 
PSDM server 70 4704-1, 704-2 include initialization and creation of PSD 
resources, digital signature generation, management of funds related to the 
postage dispensed by postage vendor system 104, generation of information 
for printing the indicia, key handling, and other functions. PSDM servers 
70 4704-1, 704-2 are designed to operate in a clustered environment to allow 
for expandability to meet the needs of a rapidly growing user base. According 
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to an embodiment of the present invention, PSDM server 70 4704- 1, 704-2 
communicates with web server 702 using a DCOM (Microsoft's Distributed 
Component Object Model) interface. 

Each PSDM server 704 704- K 704-2 may comprise one or more cryptographic 
modules 70 6706- L 706-2 for performing cryptographic functions and for 
generating digital signatures. Various keys for performing security-critical 
functions such as digital signature generation, hashing, encryption, etc. are 
stored by cryptographic module 706 706- h 706-2 . According to an 
embodiment of the present invention, cryptographic module 706 706- h 706-2 
is a nCipher nFast/CA module which is validated to FIPS 140-1 Level 3 
security. 

According to the teachings of the present invention, PSDM server 70 4704- L 
704-2 uses PSD resources to generate indicia and to track monetary amounts 
related to the postage dispensed by postage vendor system 104. In order to 
increase the indicia generation throughput, a plurality of shared PSD resources 
may be used by PSDM servers 70 4704- L 704-2 to generate the indicia. By 
using a plurality of PSD resources, multiple PSDM servers 70 4704- L 704-2 
can run concurrently, producing indicia in parallel without the bottleneck of 
sharing a single PSD resource. 

According to an embodiment of the present invention, each PSD resource 
comprises a unique PSD identifier (e.g. a 4-byte identifier), a descending 
register (DR) value (e.g. a 4-byte value), an ascending register (AR) value 
(e.g. a 5-byte value), and a control code (e.g. a 20-byte value). The PSD 
identifier uniquely identifies each PSD resource. The ascending register (AR) 
value represents the total monetary value of all indicia ever produced by the 
PSD during its life cycle. The descending register (DR) value indicates the 
available funds assigned to the PSD resource which may be used to dispense 
postage. According to an embodiment of the present invention, the monetary 
values stored by the AR and DR values are measured in 1/10 of 1-cent 
increments as specified in the IB IP specifications. The control code is a 
secure hash of the PSD identifier, the PSD AR value, and the PSD DR value. 
According to an embodiment of the present invention, the control code is 
generated using HMAC-with-SHAl (RFC 2104) using a secret HMAC key 
stored by cryptographic module 706 706- L 706-2 . 

According to the teachings of the present invention, monetary amounts related 
to the postage dispensed by postage vendor system 104 are tracked using a 
global PSD (GPSD) resource and a pool of PSD resources referred to as mini- 
PSDs (or MPSDs). According to an embodiment of the present invention, 
eight MPSD resources may be used by a single cryptographic module 70 6706- 
L 706-2 associated with PSDM server 704 704- K 704-2 to concurrently 
generate information for printing indicia. The sum of the AR value and the 
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DR value of the GPSD represents the total amount of postage bought from the 
postal authority, for example, from the USPS, by the postage vendor provider 
(e.g. Neopost) of postage vendor system 104. The sum totals of the AR and 
DR values of the MPSD resources matches the AR and DR values of the 
GPSD resource. Information related to the GPSD resource and MPSD 
resources may be stored in database 708. 



Please replace the 2 paragraphs beginning on line 5 of page 20 with the following amended 2 
paragraphs: 

Database 708 acts as a repository for storing information related to the postage 
dispensing process. For example, database 708 may store information related 
to the PSD resources (both GPSD and MPSDs), information used for 
generation of digital signatures, and other like information. Database 708 
may also store information about users who have purchased postage from 
postage vendor system 104. Information related to users who have registered 
with postage vendor system 104, e.g. user account information, user 
preferences information, etc. may also be stored by database 708. Database 
708 may also store the postal license number assigned to postage vendor 
system 104 by the postal authority. Other information related to the 
dispensing of postage may also be stored by database 708. The term 
"database" as used in this application may refer to a single database or to a 
plurality of databases coupled to local communication network 710. Further, 
database 708 may be a relational database, an object-oriented database, a flat 
file, or any other way of storing information. According to an embodiment, 
database 708 is coupled to web server 702 and to PSDM server 704 -704- L 
704-2 via an ODBC interface. 

Fig. 8 is a simplified flowchart 800 showing processing performed by the 
various components of postage vendor system 104 upon receiving a request to 
purchase postage according to an embodiment of the present invention. As 
shown in Fig. 8 processing is generally initiated when a user using user 
system 232 232- L 232-2 accesses one or more web pages provided by postage 
vendor system 104 (step 802). Requests to access web pages are generally 
received by web server 702 which responds by transmitting the requested web 
pages to requesting user system 23 2232- L 232-2 . As part of the 
communication, web server 702 may establish a SSL connection with user 
system 23 2232-1, 232-2 . According to an embodiment of the present 
invention, web server 702 may also download a print control program, such as 
an ActiveX control or a Netscape plug-in, to user system 232 232- L 232-2 . 
The control program may be executed to establish the SSL connection. 
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Please replace the paragraph beginning on line 3 of page 21 with the following amended 
paragraph: 

According to an embodiment of the present invention, the user purchase 
request may be transmitted .from user system 233- 232- L 232-2 to postage 
vendor system 104 in the form of a data structure in Extensible Markup 
Language (XML), and may comprise the following: 

Please replace the 2 paragraphs beginning on line 10 of page 22 with the following amended 2 
paragraphs: 

It should be apparent that the above described data structure merely illustrates 
an example of the data and the data format which may be included in the 
user's request to purchase postage which is communicated from user system 
23 2232- h 232-2 to postage vendor system 104 and is not meant to limit the 
scope of this invention as recited in the claims. In alternative embodiments of 
the present invention, more or less information than that shown above may be 
included in the user request. Further, various different formats may be used 
for communicating the information to postage vendor system 104. 

Web server 702 may then validate the purchase request received from user 
system 232 232-1, 232-2 (step 806). As part of the validation step, web server 
702 may check the validity of the user, the validity of credit-card information 
or other like information provided by the user, the validity of information 
identifying the medium on which the indicia are to be printed, e.g. sheet serial 
numbers and/or label serial numbers provided by the user, and validity of 
other information related to the purchase request. Various other validation 
checks may also be performed according to alternative embodiments of the 
present invention. 

Please replace the 3 paragraphs beginning on line 9 of page 23 with the following amended 3 
paragraphs: 

Web server 702 then checks if any of the validation checks performed in step 
806 failed (step 808). If any validation check failed, web server 702 may send 
a message back to the requesting user system 232 232- L 232-2 indicating that 
the validation was unsuccessful (step 810). The message communicated to 
user system 232 232- L 232-2 may also optionally provide reasons for the 
failure. The user may then be provided a chance to remedy the reason for the 
validation failure. For example, if the user is a registered user with a pre- 
fiinded account, and web server 702 during the validation process determines 
that the user does not have sufficient funds in his/her account to pay for the 
requested postage, the user may be offered the choice of adding funds to the 



Page 10 of 26 



# 




Appl. No. 09/708,913 

Amdt. sent December 17, 2003 

Reply to Office Action of August 22, 2003 



PATENT 



account to enable the transaction to be completed, or the user may be allowed 
to change the purchase request such that the amended request falls within the 
limits of available funds. Likewise, if the user has inadvertently provided 
incorrect information e.g. credit card information, the user may be allowed to 
correct the information and resend the purchase request to postage vendor 
system 104. 

If it is determined in step 808 that the validation checks performed in step 806 
were successful, web server 702 then, based on the purchase request, 
determines the number of stamps for which information for printing the 
indicium have to be generated and the tasks for generating the information are 
allocated to one or more PSDM servers 704 704-1, 704-2 (step 814). In this 
manner, web server 702 distributes the indicium related information 
generation work load among PSDM servers 70 4704- L 704-2 coupled to local 
communication network 710. Web server 702 may use different allocation 
schemes/algorithms to distribute the work among PSDM servers 70 4704- h 



According to an embodiment of the present invention, web server 702 
maintains a list of all PSDM servers 70 4704- h 704-2 coupled to local 
communication network 710. For example, a list of available PSDM servers 
704 704- h 704-2 may be stored in the Windows NT registry of web server 
702. A system administrator may add or remove PSDM servers using a 
Windows NT registry editor. According to another embodiment, a proxy 
software (e.g. C++) class may be provided which stores a list of the available 
PSDM servers 704 704- h 704-2 . Information related to PSDM servers 
70 4704- L 704-2 may also be stored in database 708. Web server 702 may 
then use an allocation scheme such as a round-robin scheme to distribute the 
work. For example, if there are two PSDM servers available, web server 702 
will alternate sending indicium printing information generation requests to the 
two PSDM servers. According to this embodiment, if the user has requested 
the purchase of two US$0.33 stamps, the task of generating information for 
printing the indicium for the first US$0.33 stamp will be allocated to the first 
PSDM server, and the task of generating information for printing an indicium 
for the second Us$0.33 stamp will be allocated to the second PSDM server. 
In this manner, web server 702 makes optimal use of available PSDM servers 
704 704- L 704-2 . It should be apparent that various other allocations 
schemes/algorithms may also be used by web server 702. 



Please replace the 9 paragraphs beginning on line 10 of page 25 with the following amended 9 



Referring back to Fig. 8, after the task to generate information for printing an 
indicium for a stamp has been assigned to a PSDM server 704 704- 1, 704-2 , 



704-2. 



paragraphs: 



> 
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the PSDM server then selects a MPSD resource to be used for generating the 
information for printing the indicium (step 816). According to an 
embodiment of the present invention, when PSDM server 70 4704- L 704-2 is 
initialized, for example during system startup, PSDM server 70 4704- L 704-2 
acquires exclusive rights to one or more MPSD resources stored in database 
708 which will be used to service requests for indicia generation. In essence, 
PSDM server 70 4704- L 704-2 "checks out" one or more MPSD resources 
from database 708. In a specific embodiment, each PSDM server 70 4704- L 
704-2 equipped with a cryptographic module 70 6706- L 706-2 checks out up 
to eight MPSD resources. After obtaining exclusive rights to the pool of 
MPSD resources, PSDM server 70 4704- L 704-2 goes online and waits for 
requests to generate information for printing indicia. Accordingly, when 
PSDM server 704 704- 1 % 704-2 receives a request to generate information for 
printing an indicium from web server 702, PSDM server 70 4704- 1 % 704-2 
selects one of the previously checked out MPSD resources for generating the 
information. 

According to an embodiment of the present invention, as part of step 816, if 
no MPSD resources are available for use when requested from database 708, a 
new MPSD resource may be automatically generated. The new MPSD 
resource is assigned a unique identifier, its AR and DR values are set to zero, 
and a control code value is assigned to it. The requesting PSDM server 
70 4704- L 704-2 is then allowed to check out the new MPSD resource. A 
signal is communicated to PSDM server 70 4704- h. 704-2 indicating that the 
MPSD resource is new, and this causes PSDM server 70 4704-1, 704-2 to 
make a request to add funds (i.e. add funds to the DR value of the MPSD 
resource) to the MPSD resource to make it usable. The process of funding a 
MPSD resource is described below. 

PSDM server 704 704- h 704-2 may then ensure that the selected MPSD 
resource has sufficient funds to satisfy the postage request (step 818). If the 
selected MPSD resource does not have sufficient funds to satisfy the postage 
request, then PSDM server 70 4704- L 704-2 may perform processing to fund 
the selected MPSD resource. Further details regarding processing performed 
by PSDM server 704 704- L 704-2 to fund the selected MPSD resource are 
explained below with r e sp e ct to Fig. 10 . 

PSDM server 704 704- L 704-2 then generates the information for printing the 
requested indicium using the selected (and sufficiently funded) MPSD (step 
820). PSDM server 704 704-1, 704-2 adjusts the AR and DR values of the 
selected MPSD resource corresponding to the value of the requested stamp for 
which indicium is to be being generated. The AR value of the selected MPSD 
resource is increased by the amount of the stamp while the DR value of the 
selected MPSD resource is decreased by the stamp value. The AR and DR 
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values for the MPSDs along with other information related to the MPSDs may 
be stored in database 708. 

The information for printing the indicium generated in step 820 includes a 
digital signature signed by cryptographic module 706 706- h 706-2 coupled to 
PSDM server 704 704- L 704-2 . Several different digital signature algorithms 
may be used to generate the digital signature. These include algorithms 
identified in the IBIP specifications such the Digital Signature Algorithm 
(DSA), the Rivest Shamir Adleman (RSA) Algorithm, the Elliptic Curve 
Digital Signature Algorithm (ECDSA), and others. The digital signature 
methodology provides data integrity and non-repudiation services. According 
to an embodiment of the present invention, the digital signature generated by 
PSDM server 70 4704-1, 704-2 generally complies with the digital signature 
requirements specified in the IBIP specifications. 

According to a specific implementation of the present invention, the digital 
signature is signed using a DSA private key, for example, a 1024-bit DSA 
key, stored by cryptographic module 70 6706- 1, 706-2 . Cryptographic module 
70 6706- L 706-2 may also store additional keys, such as a key used for 
hashing purposes, and others. According to an embodiment of the present 
invention, a Hash-based Message Authentication Code (HMAC) key is stored 
by cryptographic module 706 706- h 706-2 and used for hashing. In order to 
protect the identity of the private and other keys, cryptographic module 
70 6706- h 706-2 may use a master key to encrypt the stored keys. This master 
key is generally internally stored and cannot be exported in any way outside 
of cryptographic module 706 706- L 706-2 . According to an embodiment of 
the present invention, a Triple Digital Encryption Standard (3DES) master key 
is used to encrypt the other keys. 

The various keys stored by cryptographic module 706 706- h 706-2 are 
generally created when PSDM server 704 704- L 704-2 is initialized. The 
private key, hashing key, and other keys are created, encrypted using the 
master encryption key and then internally stored by cryptographic module 
706 706- h 706-2 . The public key corresponding to the private key used for 
signing the information for printing the indicium, for example a public DSA 
key corresponding to the private DSA key stored by cryptographic module 
70 6706-1, 706-2 , is then sent to the postal authority to receive a certificate 
serial number. The certificate serial number is stored in database 708 and 
used by PSDM server 70 4704-1, 704-2 in the indicium generation process. 

As part of step 820, data related to the process of generating information for 
printing the indicium may be stored in database 708. For example, financial 
information, user information, and other information related to generation of 
information for printing the indicium may be stored in database 708 by PSDM 
server 704 704- 1, 704-2 and associated cryptographic module 706 706-1, 706- 
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2. This information may be downloaded to postal authority system 160 at 
periodic intervals. 

The information for printing the indicium generated in step 820 is then 
forwarded by PSDM server 704- 704- L 704-2 to web server 702 which 
communicates the information to requesting user system 23 2232- L 232-2 
(step 822). As described above, according to an embodiment of the present 
invention, PSDM server 704 -704- L 704-2 may use a DCOM interface (e.g. 
the IPSDStation interface described above) to forward the generated indicium 
to web server 702. For example, a call to the "Createlndicium" API 
(described above) returns a pointer to an Indicium structure which is included 
in the information for printing the information and which contain data 
representing the indicium. The contents of the Indicium data structure may 
include: 



Please replace the paragraph beginning on line 4 of page 29 with the following amended 
paragraph: 



The information for printing the indicium downloaded to requesting user 
system 23 5232-1, 232-2 may include various types of information 
representing the indicium (or indicia). According to an embodiment of the 
present invention, a bitmap or a graphical image representing the indicium 
may be included in the information for printing the indicium. According to 
another embodiment of the present invention , indicium data or a data 
structure comprising information representing the indicium may be included 
in the information for printing the indicium. According to yet another 
embodiment of the present invention, a data structure in XML format may be 
included. The XML format for the data structure may be as follows: 



Please replace the paragraph beginning on line 39 of page 29 with the following amended 
paragraph: 



The information for printing the indicium received by user system from 
postage vendor system 104 may then be printed using a printer device coupled 
to user system 23 3232- L 232-2 . The information may also be stored on a 
computer-readable storage media for subsequent printing of the indicium. In a 
specific embodiment of the present invention, user system 23 2232- L 232-2 
may convert the indicium data included in the information for printing the 
indicium to an indicium before printing. As previously stated, the indicium 
may be printed on any medium such as a label, sheet of labels, sheet of paper, 
directly on the mail piece itself, on an envelope, card, etc., but in preferred 
embodiments the indicia are printed on serialized label stock, possibly 
incorporating additional security features. 
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